System and method for biometric authorization for financial transactions

ABSTRACT

The present invention is a system and method of biometric-based identity verification for authorizing financial transactions between a consumer and a merchant, said system comprising distributed processing to facilitate biometric matching and various types of financial transactions to facilitate said system&#39;s integration into current financial networks. System users register at least one biometric identifier, personal and/or business identity-verifying data, and financial account information. A user presents a biometric sample obtained from the user&#39;s person and the user&#39;s system ID number to conduct financial transactions. This data is used to authenticate the user&#39;s identity and authorize transfer of funds from the user&#39;s registered financial account to the designated recipient&#39;s account by matching the presented transaction biometric with at least one registered biometric template and without the use of a man-made financial account token or identity token.

CROSS REFERENCE TO RELATED APPLICATIONS

This application is a continuation of U.S. patent application Ser. No. 10/251,305, filed Sep. 20, 2002, which claims priority benefit under 35 U.S.C. §119(e) from U.S. Provisional Application No. 60/324,229, filed Sep. 21, 2001, each of which is incorporated by reference herein, in its entirety, for all purposes.

INTRODUCTION

This application relates generally to financial payments. More particularly, the present invention relates to a tokenless system and method for authorization of financial transactions through a shared database using a biometric and identification number (ID) for identification.

BACKGROUND OF THE INVENTION

Current methods of point-of-sale (POS) financial payments force a consumer to possess and present some type of man-made token in order to make a purchase. The simplest financial token is cash, wherein the token, itself, has value. More sophisticated financial tokens include checks, credit cards, debit cards, and value cards. These tokens link their owners with financial accounts, wherein either the owner has deposited cash or has promised to deposit cash in the future.

There are various problems with these tokens. One, they can easily be lost, stolen, or fraudulently reproduced, leaving the token's owner vulnerable to financial loss. Two, they are expensive for financial institutions to create and eventually those fees get passed on to the token owner. Three, these tokens are inconvenient to carry. If a consumer wishes to make any type of purchase, they are forced to carry one or more of these tokens in order to do so. In addition, whether the token is a check, card, or cash, the owner is still forced to carry it in some type of book or wallet, adding to the owner's everyday carry load. Four, although tokens such as credit and debit cards are thin and rather small, which aides their convenience to carry, they can become scratched, cracked, broken, or the numbers on them may become unreadable, leaving the consumer without access to the financial account represented by that token. Five, because of prevalent fraud, merchants often require consumers who present a check or card to present identity verifying information such as a photo ID in addition to the token representing access to a financial account in order to verify that the person presenting the token is its rightful owner. This adds time and expense to the payment process for the merchant.

Tokens, specifically credit and debit cards, have revolutionized the way consumers shop and have given consumers more financial protection and freedom. More people today who carry credit and/or debit cards instead of cash do so for convenience or funds security purposes. However, despite their size and security advantages, the consumer is still forced to carry a different token for each account, is still forced to find and present that token during a purchase, and is often required to present additional photo identification to verify that they are, indeed, the account holder of the presented token. The token-based financial system, although it works, is still not as secure or convenient as other forms of account presentation could be.

Alternative solutions to the above-described systems include a token-based financial access system combined with a personal identification number (PIN). This is a more secure manner of accepting and processing these financial account tokens but is no more convenient than the original token-based system because it still requires the account owner to carry a token. Another proposed security improvement to the token-based financial access system are smartcards, or tokens equipped with a silicon chip, which record the owning consumer's biometric or PIN and require the consumer to present a biometric or PIN when they use the token. Again, this is a more secure form of the token-based system, yet it provides no more convenience to the consumer. An added downside to the smartcard is its cost of production, which is nearly $3 to $5 per card. And although smart cards are an improvement of the more widely used magnetic token, they are still token-based and are still subject to all factors involved in using a token, including the risk of loss, theft, or counterfeit. What would improve the security, convenience, and cost effectiveness of financial account access while addressing the inherent problems of the token-based system is a tokenless financial access system.

Alternative tokenless financial transaction systems have also been proposed in U.S. Pat. No. 5,613,012, U.S. Pat. No. 5,615,217, U.S. Pat. No. 5,838,812, U.S. Pat. No. 5,870,723, U.S. Pat. No. 6,230,148, and U.S. Pat. No. 6,269,348. However, the systems proposed in these patents are problematic for two main reasons: 1) because they are inefficient in the manner they allocate the work load of the biometric comparison and matching during an identity verifying process and 2) because they do not include functions currently used in credit transactions.

Comparing and matching biometric information at a central database, as these systems propose, requires a powerful central server to perform the matching function of numerous simultaneous transactions. Such a system seems inefficient when the transaction devices that the proposed biometric transaction readers would be linked to have so much unused processing power. By distributing the matching function to various local devices (POS electronic cash registers and other POS transaction devices), the workload on the central database would be reduced, providing quicker, more efficient transactions with inexpensive, already existing devices.

Similarly, a system that only provides a sale function without providing for other important transactions that currently exist in the credit world, such as credit, void, and force, is incomplete and requires merchants to perform such transactions through token-based procedures, a process that not only reintroduces the previously addressed problems of the token but also weakens the significance of the system.

Considering the inconvenience and vulnerability associated with the token-based prior art of financial payments and due to the inefficient and incomplete methods of current biometric-based financial payment systems, what is needed is a system and method financial authorization and transactions that is tokenless, that is secure, that offers the full functionality of current token-based financial payment systems, and that distributes the processing of biometric samples to the point of sale.

SUMMARY OF THE INVENTION

It is therefore, an aspect of the present invention to offer merchants and consumers a convenient and secure way to conduct various types of financial transactions with the use of a biometric read (such as a fingerprint) and system ID (SID) number entry and without the use of any identity-verifying or monetary-representative tokens.

The system of the invention comprises registration of a plurality of merchants, employees, and consumers so that these parties may conduct enrollment, transaction, and account access functions within the system.

A merchant enrolls in the system by providing merchant financial account information and merchant identity verifying information in order to enroll consumers and employees into the system, perform various financial transactions, and perform account maintenance functions.

A consumer enrolls into the system by providing identity-verifying information, a biometric sample, a SID number, and one or more sets of financial account information. Once enrolled in the system, consumers may use the system in order to perform financial transactions, conduct system account maintenance, change account parameters, and verify the consumer's identity or age, by simply presenting a biometric and SID at a registered, properly-equipped station.

System access, identity verification, and financial transactions are approved within the system if the consumer's biometric read is matched with a consumer's enrollment biometric read stored in that consumer's account and if the system access meets preset parameters. An example of such a parameter might be, but should not be limited to, the accessed account not containing negative information. System access approval, whether the access is for maintenance or transaction purposes, is granted automatically by the central database or local device.

It is also an aspect of the present invention to provide registered consumers and merchants with a wide range of financial transaction abilities, specifically sale transactions, authorization transactions, post-authorization transactions, void transactions, void re-add transactions, credit transactions, and force transactions.

These and other aspects of the present invention will become apparent to those skilled in the art by a review of the specification that follows.

Although a number of salient features of the present invention have been described above, the detailed description that follows provides a more detailed exposition of additional features of the invention as it is embodied in various forms.

In this respect, before explaining at least one embodiment of the invention in detail, it is to be understood that the invention is not limited in its application to the details of construction and to the arrangements of the components set forth in the following description or illustrated in the drawings. The invention is capable of other embodiments and of being practiced and carried out in various ways. Also, it is to be understood that the phraseology and terminology employed herein are for the purposes of description and should not be regarded as limiting.

BRIEF SUMMARY OF THE DRAWINGS

Additional objects and advantages of the present invention will be apparent in the following detailed description read in conjunction with the accompanying drawing figures.

FIG. 1 illustrates a general architecture of a system for biometric authorization for financial transactions according to an embodiment of the present invention.

FIG. 2 illustrates a flowchart of a process for consumer enrollment into the biometric authorizations for financial transaction system according to an embodiment of the present invention.

FIG. 3 illustrates a flowchart of a merchant employee enrollment in the biometric authorization for financial transactions system according to an embodiment of the present invention.

FIG. 4 illustrates a flowchart of a process for a one-transmission transaction with an account selection option using a biometric authorization for financial transactions system according to an embodiment of the present invention.

FIG. 5 illustrates a flowchart of a one-transmission transaction with account auto selection in the biometric authorization for financial transactions system according to an embodiment of the present invention.

FIG. 6 illustrates a flowchart of a two-transmission transaction with account selection option in a biometric authorization for financial transactions system according to an embodiment of the present invention.

FIG. 7 illustrates a flowchart of a two-transmission transaction with account auto selection in a biometric authorization for financial transactions system according to an embodiment of the present invention.

FIG. 8 illustrates a flowchart of a credit transaction in the biometric authorization for financial transactions system according to an embodiment of the present invention.

FIG. 9 illustrates a flowchart of a credit transaction with biometric matching at the local device in a biometric authorization for financial transactions system according to an embodiment of the present invention.

FIG. 10 illustrates a flowchart of a void transaction in the biometric authorization for financial transactions system according to an embodiment of the present invention.

FIG. 11 illustrates a flowchart of a system ID re-entry or optional secondary ID input loop that may be performed during a transaction or account access in a biometric authorization for financial transactions system according to an embodiment of the present invention.

FIG. 12 illustrates a flowchart of a consumer account access with a biometric read for management purposes in a biometric authorization for financial transactions system according to an embodiment of the present invention.

DETAILED DESCRIPTION OF THE EMBODIMENTS

An embodiment of the present invention is a system and method for authorization of a financial transaction using a biometric sample and ID number.

Referring to FIG. 1, a general architecture overview of a system for biometric authorization of financial transactions according to an embodiment of the present invention is illustrated. One aspect of the system embodiment of the invention is the central database 102, wherein consumer system accounts, merchant system accounts, employee system accounts, and various other accounts and databases are held.

Accounts within the system's central database are shared across a plurality of enrolled merchants. Additionally, in an alternate embodiment of the present invention, accounts are “marked” to denote account status. By way of illustration and not as a limitation, accounts may be unmarked, marked partial enrollment, marked warning, or marked negative. An unmarked account indicates an account with no history of fraudulence in the system. An account marked partial enrollment indicates the account owner must complete enrollment into the system before the account owner is entitled to access that account. An account marked warning indicates an account with possible fraudulent activity in the system. An account marked negative indicates an account with fraudulent activity in the system.

Consumer accounts comprise at least one system identification number (SID) and other information useful for authenticating a consumer, associating a consumer with a financial account, and completing transactions. By way of illustration and not as a limitation, a consumer account may comprise consumer's government identification number(s) and corresponding state(s) of issue, home address, and a telephone number; one or more biometric sample; one or more financial account (e.g. checking, credit, or value); and a consumer may choose a SID from any of the previously listed numbers, may create a SID, provided the SID is unique to the central database 102, or may choose from system suggested ID numbers.

Merchant accounts comprise information useful for authenticating a merchant, associating a merchant with a financial account, and completing transactions. By way of illustration and not as a limitation, a merchant account may comprise a SID, merchant location, and a phone number; a list of terminal ID numbers (TIDs) of the terminals designated to perform system functions; one or more financial accounts; and enrollment and transaction approval/decline parameters.

Employee accounts comprise information useful for authenticating an employee and completing transactions. By way of illustration and not as a limitation, an employee account may comprise a government ID number, a home address, and a telephone number; one or more biometric sample; a SID; and employee system access parameters.

Again referring to the structure of the general architecture overview of a system for biometric authorization of financial transactions, the invention's central database 102 is connected to a network, such as, but not limited, to the Internet. As illustrated in FIG. 1, this network is connected to a merchant database 112 registered with the system and a financial institution 108. As would be apparent to those skilled in the art of the present invention, other entities could perform the functions of merchant database 112 and the financial institution 108 without departing from the scope of the present invention. For example, some or all of the functions of these two entities could be performed by the central database 102.

In an embodiment of the present invention, the merchant database 112 stores various system accounts, communicates enrollment and transaction information to central database 102. In another embodiment, the merchant database 112 further comprises connections to at least one transaction register 118 with a built-in biological identification device (BID) or with connections to a peripheral device with BID capabilities 120. By way of illustration and not as a limitation, the transaction register may be an electronic cash register (ECR) or other POS device. In the description of the embodiments that follow, the BID comprises a fingerprint identification device, however this is not meant as a limitation. Other BIDs may be utilized in the present invention without departing from its scope. For example, the BID may be a voiceprint reader, an iris recognition device, or any other type of biological identification device known in the art.

In an alternate embodiment, transaction register 118 is used for a number of duties, including but not limited to communicating enrollment and transaction information to the merchant database 112, and communicating enrollment and transaction information to central database 102. In yet another embodiment, merchant database 112 comprises connections to at least one customer service computer 114 with BID capabilities 116. In this embodiment, customer service computer 114 communicates enrollment and transaction information to the merchant's local database 112 and communicates enrollment and transaction information to the system's central database 102.

In an embodiment of the present invention, financial institution 108 holds any number of merchant financial accounts and consumer financial accounts and communicates with central database 102 regarding enrollment and transaction information. In another embodiment of the present invention, a merchant's financial account(s) and a consumer's financial account(s) are held at different financial institutions. In this embodiment, the system comprises connections to all financial institutions wherein said accounts are held.

In an alternate embodiment of the present invention, the system further comprises a computer 104; a wireless device 122, such as a cell phone, personal data assistant, or pager; a third party financial database 127, such as SCAN, Telechek, Equifax, or VISAnet; and a kiosk 128.

Party enrollment into the invention's system may be conducted through a registered merchant's local system. A local system is defined here as a merchant's system of connected information processors, including but not limited to the merchant's local database(s) 112, transaction processing register(s) 118, and merchant computer(s) 114. A system kiosk 128 might also be considered part of said local system if it is so configured and integrated into said local system.

Parties interested in enrolling in the invention's system further have the option to pre-enroll, that is provide a partial enrollment, by providing only a portion of the required enrollment information, for the invention's services via a computer 104, a kiosk 128, or a wireless device 122, which is connected to a network, preferably but without limitation the Internet, which is connected to the invention's central database 102. Businesses may also pre-enroll employees for consumer accounts within the system. In doing so, a business might register with the system's central database a list of employees, an employee number for each employee, or any other information that an employee might be willing to share for pre-enrollment purposes. Merchants might also pre-enroll employees for employee accounts within the system in the same manner as described in the above business pre-enrollment description.

Other forms of pre-enrollment may include registering with the invention's central database purchased, or acquired, database information that might supply the system with various individual's information. Said information could be easily entered into the central database of the present invention so that when a consumer whose information was recorded in one of those databases wants to enroll in the system of the invention, some or all of that information contained within said purchased or acquired database would already be available within the system and would not need to be entered at the time of enrollment, thus saving time for both the consumer and the merchant during enrollment.

Financial transactions are conducted within the system through a number of devices including but not limited to a customer service center computer 114 with attached BID 116 or a transaction processing register 118 with attached BID 120. In another embodiment, the system is configured to conduct financial transactions through remote devices, such as a PC 104, a wireless device 122, or a kiosk 128. A remote device is here defined as any device connected to a network through which the device may communicate with the system's central database and which is not connected to a registered merchant's database. Such remote devices and all other remote devices which communicate with the system's central database may or may not contain BID capabilities or be connected to a peripheral with BID capabilities. Although the kiosk 128 with BID 130 is listed above as a remote device, it is envisioned but is not limited to reside in the merchant location for enrollments, pre-enrollments, account maintenance, and purchases. The kiosk 128 may be configured as a remote device or a local device depending on whether or not the registered merchant desires to integrate the kiosk into its local system.

Consumer, merchant, and employee account management may be conducted at any of the following: a consumer or business computer. 104, which may or may not have an attached BID 106, and is connected to a network, which is preferably but without limitation the Internet, which is connected to the invention's central database 102; any participating merchant's customer service counter computer 114 with an attached BID 116 or any participating merchant's transaction register 118 with attached BID 120, which are both connected to the merchant database 112 which is connected to the invention's central database 102 via a network such as the Internet; one or more of a consumer's wireless devices 122, which may or may not have an attached BID 124, connected to a wireless network which is connected to a network such as the Internet connected to the invention's central database 102; or a kiosk 128 with attached BID 130 and which is attached to the invention's central database 102 via a network such as the Internet. It is envisioned that merchants who perform account management have specialized permission to do so. It is also envisioned that a portion or all of employee account management may be conducted by the merchant or the employee.

Referring to FIG. 2, a flowchart of a consumer's enrollment process according to an embodiment of the present invention is illustrated. A consumer begins enrollment. The consumer is prompted to provide personal information, a SID number, a biometric sample, and one or more financial account 202.

By way of illustration and not as a limitation, the personal information provided during the enrollment may simply be driver's license data read from a magnetic stripe or bar code or may include a social security number, address, phone number, or any other information about the enrolling consumer. Said personal information may be swiped, scanned, hand keyed, or entered by another means by the consumer or the merchant. Information might also be captured in a digital image scan of the token or tokens which provides the consumer's personal information.

The consumer's biometric sample is entered via a biometric scanner. This sample is then translated to and stored in template form. Template forms of scanned biometrics are generally used for biometric comparisons. In an additional embodiment, the digital scan of the biometric is itself also stored in the central database. Such an embodiment that also stores the biometric digital scan is useful for reasons such as, but without limitation, biometric matching purposes, security procedures (in the case of an individual attempting to fraudulently access the system), or information protection in the event database information is lost or templates need to be re-constructed due to hardware revisions.

The system may optionally be configured to allow a consumer to register more than one type of biometric sample or two or more of the same type of biometric during enrollment. For example, the invention's system may be configured to accept a fingerprint biometric along with a face scan biometric, or the system may be configured to allow the consumer to register finger scans from more than one finger. Storing a biometric template in the consumer's system account that includes data from more than one biometric sample type enables that consumer the convenience of presenting any one of the consumer's previously scanned biometrics for account access authorization and/or funds transfer within the system of the invention.

Financial account information is entered via magnetic stripe read, hand keying, or another input method. Checking account information is entered by a magnetic ink character recognition (MICR) read, an optical character recognition (OCR) read, hand keying, or entered by another method of input. The method of information input is also recorded for each enrollment. In an alternate embodiment, the system is configured to take a digital image of the monetary-representative token the consumer normally uses to access the presented financial account and store this digital scan in the consumer's system account.

The SID is a number used to help identify individuals enrolled in the invention's system. A SID is not equivalent to a PIN used for financial ATM and debit transactions. Rather, a SID simplifies the verification of the biometric sample. The SID may be a unique number (a number with no chance of being honestly duplicated, e.g., a social security number), reasonably unique number (a number with a statistically small chance of being duplicated), or non-unique number (a number with a large chance of being duplicated). While a SID comprising a unique number will inherently provide more security, the present invention is not so limited.

In another embodiment, a secondary ID-number is utilized in the event that an individual does not remember the SID. In this embodiment, the secondary ID number is any number the consumer registered during enrollment, such as, but not limited to, a home phone number, work phone number, social security number, or driver's license number.

Continuing with the enrollment process, after all consumer data is entered, all data entered is transmitted to the central database 204. The consumer's data is compared to data already registered in central database 204 for uniqueness 206. This re-enrollment check enables the system to prevent multiple enrollments from the same consumer and helps alert the system to potentially fraudulent enrollments. In checking for re-enrollment, central database 204 searches data contained therein to verify that one or more parts of the enrolling consumer's data is not enrolled in the system of the invention. If the enrolling consumer's data is not found in the enrolled accounts in the system, the enrollment process continues 222.

If the enrolling consumer's data is found in the central database 204 and the account where the duplicate information is found is not marked as a pre-enrollment account, the enrollment is automatically declined by central database 204. In another embodiment of the present invention, the merchant decides whether to accept or decline the enrollment. In this embodiment, the process further comprises displaying to the merchant the field(s) or entire account(s) wherein those duplicate fields are held. This enables the merchant to decide whether or not to accept an enrollment where only select information is duplicated, such as a phone number or address. Also, in this embodiment, a merchant is permitted to set parameters that would automatically accept or decline an enrollment based on the merchant's selected criteria.

If the enrollment is declined 208, whether it is declined by the database, the merchant, or merchant pre-set parameters, the enroller is given the opportunity to call the system's customer service. As illustrated in FIG. 2, this contact is immediately available at the point of enrollment.

If the enrolling consumer's data is not found in any of the databases within the system's central database, the enrollment continues by displaying an authorization notice 222. Once authorized by the consumer, this authorization gives any enrolled merchant permission to access the consumer's financial accounts associated with the consumer subject to verification of the consumer's identity by matching the consumer's SID and at least one biometric identifier with consumer's registered data. The following illustrates one form of such an authorization message::

“I authorize the central database authority to electronically access my accounts for financial purposes upon presentation of my biological identicators or account management purposes upon presentation of my biological identicators or selected password over the Internet or via a wireless communication device.”

The consumer is prompted to re-enter at least one earlier entered biometric sample 224 to verify that they agree with the authorization notice and to authorize future transactions. The biometrically authorized authorization notice and all account information remaining in the local device are transmitted to the invention's central database 226 and recorded in the database.

Referring to FIG. 3, a flowchart of a method of employee enrollment into the invention's system according to an embodiment of the present invention is illustrated. This enrollment is for tracking employee transaction activity within the system and may be used for security purposes. The employee enters the employee's biometric and SID 302. The employee's personal information, employee information, and merchant-set parameters are also entered 302. The employee information is sent to the invention's central database 304 where it is compared to other employee information for uniqueness 306. If the employee's information is unique, the local device will display an authorization notice outlining the responsibilities and parameters the merchant has selected to assign to them 308. The employee then re-inputs the employee's biometric 310 for verification that the employee understands his or her responsibilities within the invention's system. The employee's information is sent to the invention's central database 312 where it is recorded.

Referring to FIG. 4, a flowchart of a one-transmission transaction with account selection according to an embodiment of the present invention is illustrated. The transaction begins with the consumer selecting to use the system via a local device. The consumer selects to use the invention's services to pay for a purchase by selecting the invention's designated “key” on a keypad or selecting the invention's designated logo or other visual representation on a digital display. The transaction amount is entered 402. The consumer selects the type of financial account to be used for the purchase and enters the SID and biometric 404 (herein referred to as the “consumer transaction biometric). In an alternate embodiment the consumer may select to pay for the purchase with more than one account by selecting multiple accounts at the account selection prompt.

The type of account the consumer chooses may be any account that they have previously registered with the invention's central database before the time of purchase. In an embodiment of the present invention, the display comprises any Checking 1, Visa 1, Visa 2, American Express 1, American Express 2, and American Express 3. This embodiment of the display consists of an alphanumeric display consisting of two parts: 1) the alpha, which indicates the type of account represented, and 2) the numeric. In an alternate embodiment, the numeric further designates the priority of the account or the frequent use of the account. For example, the consumer may have registered a Visa account upon enrollment. This being the first Visa account registered in the system, the account would be automatically labeled in the system as Visa 1. However, if the consumer registers an additional Visa account, the system will automatically mark the second account as Visa 2. The consumer might later have the option of marking the second registered Visa account as the Visa account of choice within the system and thus make it Visa 1 while the previously registered Visa account would be labeled Visa 2. In this embodiment, the default function of the numeric character is to represent order of enrollment per account subject to reassignment by the consumer.

After the consumer makes an account selection, the consumer's transaction biometric is held at the local device while the remaining transaction information is sent to the invention's central database 408. In an alternate embodiment, the system is configured to send only select information to the central database. The central database uses the transaction information to find registered biometrics that are potential matches to the consumer's transaction biometric 410. The transaction is also checked against system pre-approval parameters used to help the system determine whether or not the transaction should be approved. In another embodiment, the system checks the transaction against merchant pre-set parameters, which merchants may set through account maintenance.

All information obtained from the central database is returned to the local device 412. The potential matches are compared to the consumer's transaction biometric 414. If a positive biometric match is made, the transaction is automatically approved 424. If no biometric match is made, if the transaction biometric is matched with an account marked negative, or if the pre-approval parameters are not met, the transaction is declined 428 and the merchant and consumer are notified.

If the consumer's transaction biometric is matched to a biometric linked to either an account marked warning or negative the transaction is declined. Optionally, the system may be configured to allow merchants to choose whether to approve or decline the transaction. If the system is configured to allow the merchant to approve or decline a transaction resulting from such a match, the merchant may either manually select to accept or decline the transaction or the merchant may set pre-approval parameters that would automatically approve or decline the transaction.

Where the merchant is empowered to choose to accept or decline a transaction, the local device may also be configured to display a warning message, a warning message containing a reason the transaction might have been declined by a central authority, or a warning message with a reason for potential decline and other information about the consumer's system account. Such information might provide the merchant with information upon which to base a transaction decision.

Once an approval or decline has been made, the local device informs the consumer of the transaction results via digital display or printed receipt. The system may also be configured to print or display to the consumer a reason that the transaction was declined and a phone number to a service center to call for further explanation.

The system may additionally be configured to allow consumers to request cash back from the merchant. If the system is configured to allow cash back, the cash back process, although it is integrated into a transaction already in progress, is considered a separate transaction that is approved or declined separately from the transaction already in progress. In one embodiment, the cash back option automatically begins after either the transaction amount is entered 402 or the consumer selects the type of financial account to be used to make a purchase and enters the consumer's SID and biometric 404. However, in another embodiment, the consumer requests cash back by selecting a specific button on the local device or picture on the display of the local device. In the automatic embodiment, the local device asks the consumer if they would like cash back from the merchant. If the consumer selects to not receive cash back, the transaction continues as normal. If the consumer selects to receive cash back, they are prompted to enter the amount of cash back they desire or select an amount from a list of amounts displayed by the local device. Once a cash back amount is entered, the transaction is marked as a cash back transaction and the transaction continues as usual. Once the transaction information is sent to the system's central database, this mark signals the central database to verify that the selected accounts of the potential biometric matches allow cash back. If an account is verified as allowing cash back, its linked biometric is flagged. This flag signals to the local device that the cash back is approved if the consumer's transaction biometric is matched to a flagged biometric. Additionally, the cash back option may be regulated by system or merchant pre-set parameters. The cash back option would proceed similarly in the consumer-activated cash back option.

Referring to FIG. 5, a one-transmission transaction with account auto selection according to an embodiment of the present invention is illustrated. This transaction allows a consumer who only has one financial account registered with the system or has set a preferred account to proceed with the transaction without selecting which account they would like to use. Therefore, account selection information is not sent to the central database along with the transaction information. The transaction information is entered 502. The consumer enters the consumer's SID and biometric 504. The local device runs the cash back option if the system is configured to do so. All transaction information except for the consumer's transaction biometric is transmitted to the central database 506. In an alternate embodiment, the system may be configured to send only select information to the central database. The central database finds potential biometric matches for the consumer's transaction biometric 508. Additionally, if the system is configured to allow cash back and the consumer has indicated they would like cash back from the merchant, the central database flags the potentially matching biometrics that are linked to financial accounts that allow cash back. The central database sends the potential matches and a transaction pre-approval to the local device 510. The local device determines whether or not any of the potential biometric matches match the consumer's biometric 512. If the consumer's identity is verified the transaction is approved and the consumer and merchant are notified 514. Additionally, if the consumer requested cash back from the merchant, the local device determines if the matching biometric is flagged. If the biometric is flagged, the cash back request is fulfilled and the device notifies the merchant of how much cash the system has approved giving the consumer.

If the consumer's identity is not verified or the consumer is negatively identified, the transaction will be declined with a reason and the merchant and consumer will be notified 516. Optionally, the merchant may decide to accept or decline the transaction if a negative identification has been made.

Referring to FIG. 6, a two-transmission transaction with account selection according to an embodiment of the present invention is illustrated. The transaction amount is entered 602 and the consumer selects the type of account to be used to make a purchase and enters the consumer's SID and biometric 604. In an alternate embodiment the consumer may select to pay for the purchase with more than one account by selecting multiple accounts at the account selection prompt. The transaction information is sent to the invention's central database to search for potential biometric matches to the consumer's transaction biometric 606. In an alternate embodiment, the system may be configured to send only select information to the central database. The central database finds potential matches 608. If the system is configured to allow cash back and the consumer has indicated they would like cash back from the merchant, the central database flags the potentially matching biometrics that are linked to financial accounts that allow cash back. The potential matches are returned to the local device 610. The local device compares those potential matches with the consumer's transaction biometric 612. If a positive match is found, the full transaction packet is sent to the central database 614. In an alternate embodiment, the consumer is permitted to request cash back prior to transmission of the full transaction packet if the consumer did not already do so.

The central database determines whether or not the transaction should be approved or declined 616. In one embodiment, prior to approving or declining a transaction, the central database communicates with the financial institution that houses the consumer's selected account. In another embodiment, the central database communicates with a financial database that holds credit scoring on the consumer. In yet another embodiment, the central database communicates with other financial databases to obtain financial information about the consumer relevant to determining whether or not the consumer has sufficient funds to cover the transaction. In still another embodiment, the central database simply evaluates the transaction based upon system, merchant, and/or consumer parameters.

If the transaction is approved, the merchant and consumer are notified 618. If the consumer requested cash back during the transaction and were approved for the cash back amount selected, the merchant is notified of the amount of cash back. If the transaction is declined, notice is sent to the local device 620, along with a reason the transaction was declined. Optionally, the merchant may decide to accept or decline the transaction if a negative identification has been made.

Referring to FIG. 7, a two-transmission transaction with account auto selection according to an embodiment of the present invention is illustrated. The transaction amount is entered 702. The consumer enters the SID and biometric 704. Transaction information other than the consumer's transaction biometric is transmitted to the invention's central database 706. In an alternate embodiment, the system may be configured to send only select information to the central database. The central database finds potential biometric matches for the consumer's transaction biometric 708, and if the cash back option was selected by the consumer, the central database flags biometrics that are linked to financial accounts that allow cash back. All potential biometric matches are sent to the local device 710. The local device determines whether or not a match between the potential biometric matches and the consumer's transaction biometric can be made 712. The local device sends the full transaction packet to the central database 714. As with the two-transmission transaction with account selection (illustrated in FIG. 6), the central database determines whether or not the transaction is approved or denied 716. (See the description of various exemplary embodiments relating to transaction approval in reference to FIG. 6.). If the transaction is approved 718, the merchant and consumer are notified and the merchant is notified of the cash back amount if applicable. If the transaction is denied 720, the merchant and consumer are notified and given a reason for the declined transaction. Optionally, the merchant may decide to accept or decline the transaction if a negative identification has been made.

Referring to FIG. 8, a flowchart of a credit transaction according to an embodiment of the present invention is illustrated. The merchant enters the SID and biometric 802. The credit amount is entered 804. The consumer enters the SID and biometric 806. In an alternate embodiment, the number of the transaction being credited is also entered. All data entered is transmitted to the invention's central database 808. If the central database identifies the merchant and consumer 810, and optionally the transaction number, the credit is approved and the merchant and consumer are notified 814. If either of the party's identities is not verified, the transaction may result in any of the following: an automatic transaction decline, a system ID re-entry loop, or a merchant manual or automatic approval or decline. If the consumer is negatively identified, the transaction might be automatically declined with a reason and the merchant and consumer would be notified of the decline and reason for the decline. In addition, if the consumer is negatively identified, the merchant might opt to decide whether or not to approve the transaction. The merchant might then manually accept or decline the transaction or its pre-set parameters might automatically accept or decline the transaction for them. An additional embodiment of the credit transaction comprises the merchant information being evaluated in the local database. Such an embodiment would allow the local device to communicate a smaller set of transaction information to the central database. Yet a further embodiment of the credit transaction comprises the merchant conducting the transaction without entering the merchant biometric and SID.

Referring to FIG. 9 a credit transaction with local matching according to an embodiment of the present invention is illustrated. A merchant enters the SID and biometric 902. The credit amount is entered 904. Optionally, if credits are limited to transactions previously run, the transaction number is entered into the local device. The consumer enters the SID and biometric 906. The merchant's SID and consumer's SID are transmitted to the central database 908. The central database returns potential biometric matches for the merchant's and consumer's transaction biometrics 910. The local device determines whether or not said matches can be found 912. If matches are found, the credit is approved and the merchant and consumer are notified 914. If matches are not found, the credit is denied and the merchant and consumer are notified 916. In an additional embodiment, the credit transaction with local matching comprises the merchant conducting the transaction without entering the merchant biometric and SID.

Referring to FIG. 10, a flowchart of a void transaction according to an embodiment of the present invention is illustrated. The merchant enters the transaction number to void 1002. The transaction information is sent to the invention's central database 1004. The invention's central database finds the transaction number 1006. If a match is found, the void is approved and notice is sent to the local device 1008 where the merchant is notified. If no transaction number match is found, the void is denied and notice is sent to the local device. In another embodiment, the void transaction comprises the merchant entering the merchant's biometric and SID. In another embodiment, the merchant's biometric is matched in the central database. In yet another embodiment, the merchant's SID is used to find potential biometric matches that the central database returns to the local device where a match is found.

Referring to FIG. 11, a flow chart of a system ID re-entry loop according to an embodiment of the present invention is illustrated. In an embodiment of the present invention, an SID re-entry loop is performed after any transaction or account access identification failure 1104, meaning no identification of the presented party (whomever is attempting to access an account, i.e. consumer, employee, or merchant), positive or negative, was made. The local device will display the SID the party entered, and the party will be prompted to verify that the SID displayed is the SID they intended to enter 1106. If the party verifies that the SID displayed is correct, the device will prompt the party to enter a secondary ID number 1114. The party will then enter a secondary ID number (as previously described). The secondary ID number is sent to the invention's central database to attempt party identity verification again 1116. If verification based on the secondary ID fails, the transaction is declined with a reason and the merchant and party are notified 1118.

If the party does not verify the SID the device displays, the party will be prompted to enter the correct SID 1108. The new SID is sent to the central database. If verification fails again, the party will be prompted to enter a secondary ID number 1114. If the secondary ID number helps provide an identifying match, the transaction continues for approval 1112. If the secondary ID number does not help provide a correct match, the transaction is declined with a reason 1118, and the party is notified.

Referring to FIG. 12, a flowchart of an account management access method with use of a device connected to a biometric reader according to an embodiment of the present invention is illustrated. This embodiment permits consumers, merchants, and employees to perform account management of accounts held at the central database. In an alternate embodiment, merchants may limit their employees to certain areas of the merchant's accounts or may not allow employees to perform maintenance on the merchant's accounts at all. In an yet another embodiment, an employee is permitted to perform maintenance on a merchant account, only upon entry of both the employee's access data (biometric plus SID or password plus SID) and the merchant's access data (biometric plus SID or password plus SID). The system may also be configured so that the merchant may access an employee's account without the employee's permission.

In account maintenance, the account manager—whomever is performing account management, such as the consumer, the employee, or the merchant—enters the SID and biometric 1202. The local device sends the SID and biometric to the central database 1204. The central database searches for a match to the manager's entered information 1206 for identity verification purposes. If the manager is identified, the manager is allowed to access accounts for management purposes 1208, and the manager performs account maintenance 1210. If the central database is unable to match the manager's SID and biometric, the account management access is denied. The system may also be configured to regulate account access according to certain parameters. Additionally, the time an account access remains idle may be regulated by a time-out feature. For example, if a merchant is performing account maintenance and walks away from the account maintenance machine for a few minutes, the system will automatically log the merchant out to prevent bystanders from accessing the merchant's account.

Although the drawings of this application and the corresponding detailed descriptions mainly describe merchants as the enrollment and transaction operators of the system, it is envisioned that merchant employees will also operate enrollment and transaction functions within the system. The system may be configured to allow all merchant employees who are registered in the system to perform enrollment and transaction functions. Additionally, the system may be configured to allow merchants to set their merchant employees' function allowances within the system, by pre-setting employee function parameters during employee enrollment or employee account maintenance.

Additionally, it is envisioned that all transactions and functions within the system allow for various types of transactions and functions to be performed that are credit card related such as but not limited to pre-authorization, authorization, post-authorization, terminal settlement, and host settlement.

Following is a description of various additional embodiments and methods of the system.

In an alternate embodiment, consumers may also set pre-set parameters that help the system determine whether or not a transaction should be approved. Such pre-set parameters may include but are not limited to consumers setting a limit on how much may be spent out of a specific account, regulating the merchant and/or geometric region in which an account may be accessed, and also allowing other consumers to use a system account to pay for purchases. For further detail of how a consumer might allow other users to access an account see commonly assigned application Ser. No. 09/765,789, filed by Tim Robinson on Jan. 19, 2001. The Ser. No. 09/765,789 application is incorporated by reference herein, in its entirety, for all purposes.

According to a hybrid embodiment, the system of the invention may optionally include enrollment, purchase, or cash withdrawal functions at non-conventional POS sites, provided those sites are equipped with the proper system equipment. Non-conventional POS sites might include but are not limited to PCs; ATMs; wireless devices; specially equipped payphones; self-checkout POS register stations where multiple registers are monitored by one merchant and where a consumer physically processes the consumer's transactions; unattended, automated cash registers such as those that exist in most gas pumps; vending machines; or any other automated and/or non-traditional POS site.

According to an additional hybrid embodiment, the system might allow consumers to choose whether to enroll into the system without providing any financial account information. If a consumer enrolls financial account information, the consumer may use the entirety of the system. However, if a consumer chooses to not enter any financial account information, they may use the system for non-financial transactions such as but not limited to identity verification, age verification, or a reward/loyalty type system a merchant might connect to the system.

It is also an additional embodiment of the present invention for accounts enrolled at a specific merchant to be recorded and stored on the merchant's local database before the information is transmitted to and stored on the invention's central database. Such storage would be for information back up and could be used for transaction matching purposes for consumers who enrolled with said merchant's devices in the event that the system's central database is unavailable for information access. In such an embodiment, the merchant's equipment might also be configured to communicate directly with the local database at any one or all of the transmission or reception steps within the enrollment or transaction processes instead of communicating with the system's central database. This embodiment would comprise the merchant later connecting with the invention's central database to update newly enrolled accounts within said central database and to authorize money transfers from transactions logged earlier in the day.

An additional embodiment of the invention comprises encrypting information transferred between two points in the system. For purposes of example and without limitation, transaction information may be encrypted at one point and sent across a non-secure connection between the points or not encrypted at a point of communication but sent to the other point of communication across a secure connection. Encryption and decryption of said messages may be monitored by services provided by a company such as VeriSign. As an added level of security, one alternate embodiment encrypts even information internal to a terminal and which is never transmitted in a communication. This prevents retrieval of sensitive information (e.g., data corresponding to a biometric scan) from a stolen terminal.

An additional feature of the present invention comprises an individual enrolling in the system of the invention the ability to register a password that in conjunction with a SID would allow the individual to perform account maintenance of a system account over the Internet from a remote device.

Another embodiment of the invention comprises the central database providing consumers and employees with SID suggestions if the entered SIDis already registered within the system. These suggested SIDs are envisioned as SIDs that are not already registered in the system but are similar to the SID the consumer or employee originally entered.

According to another hybrid embodiment, the system might be configured to ask that the merchant supervising the consumer enrollment and/or transactions input the merchant's biometric for employee tracking and/or verification purposes.

An additional feature of the system allows direct transition from an enrollment into a POS transaction without starting a new transaction. This would allow a consumer to enroll into the system just before they purchase an item and then begin purchasing the item without having to reenter the consumer's biometric and SID.

According to another hybrid embodiment, all or select enrollments, transactions, and account access methods may additionally comprise printing a paper receipt of the system activity performed during the system access. Information included on this receipt may be any information pertinent to the transaction type, including but not limited to date, transaction number, account used, the invention's customer service phone number, instructions on how to contact the invention's customer service, merchant info, or other transaction information.

In an additional embodiment, the order in which information is entered need not be definite. For example, a consumer may be prompted to enter identifying information before the transaction amount is entered or the consumer may enter a biometric before entering a SID.

It is also an alternate embodiment of the present invention to provide merchants with consumer and employer profile reports in case of suspected fraudulent activity. These reports may be customized to display selected information from an employee's or consumer's account history or record.

According to another hybrid embodiment, the system may be configured to send the local device's TID along with transaction information for consumer security purposes. If the TID is not registered with the invention's central database, the consumer's information is not processed. Optionally, the local device display may give the consumer a system customer service number to call and a transaction code to reference during the call, so they may find out why the transaction was declined.

In an additional embodiment, the system may also comprise an age-verification feature. This feature would allow merchants to verify a consumer's age if that consumer is attempting to purchase age-regulated items, such as cigarettes or alcohol. This feature may be combined with the consumer using the system to pay for the purchase containing the age-regulated items or may be a function separate from the purchase, in the event that the consumer is registered with the system but would prefer paying for a purchase with an alternate form of payment, such as cash, certificate(s), or a credit card the consumer has not yet registered with the system. For the age verification access without financial account access, the consumer would simply be prompted to enter the consumer's biometric and SID into the system for age verification.

It is also an alternate embodiment to provide merchants with a transaction re-add function in the case that a transaction is inadvertently voided. Current credit card financial procedures completely erase a transaction once that transaction has been voided and force merchants who need to re-add a mistakenly voided transaction to create a new transaction by either re-swiping the consumer's card (if the consumer is still present) or manually entering the consumer's credit card number into a keypad. Since the system of the current invention does not authorize credit transactions by account numbers but does so by biometrics, an alternative method of correcting an inadvertent void must be introduced. A transaction re-add function would enable merchants and authorized merchant employees to easily re-add voided transactions into the system upon need. Such a function might be enabled by the authorized function operator pressing a button on the local device or by selecting the function from an electronic display. This function might also comprise the authorized function operator to provide biometric and/or a SID in order to access the function.

In a hybrid embodiment of the invention, the system might offer a merchant manager functions menu. Such a menu might be accessed by managers with access privilege noted in the merchant's system accounts. The menu might be accessed by the manager pressing a button or selecting a menu representative image on a system integrated terminal display and by presenting a scan of the manager's biometric. Once the system has verified the manager's identity and verified that they are allowed access to the merchant menu, the system will allow the manager to select various functions from the manager functions menu. Such functions might include but are not limited to conducting a credit or sale without a consumer biometric, performing a re-add void, or performing a force transaction, wherein the manager forces the system to accept a transaction that the system declined.

In an alternate embodiment, consumer system accounts may be associated with a financial score which may include scoring gathered from existing credit scoring databases or may include scoring generated by the consumer's history within the system of the invention. This score may then be used as a pre-approval parameter.

In an additional embodiment of the two transmission transactions, the transaction might be assigned a reference number to speed transaction processing when the second transmission is sent to the central database.

In an additional hybrid embodiment, digital images of all biometrics scanned for registration or enrollment purposes are stored in the system's central database.

A biometric identification system for financial transactions has been illustrated. It will be appreciated by those skilled in the art that the system and method of the present invention can be used to perform financial transactions without physical access devices and prevent fraud in such areas as retail sales, access to bank accounts, and financial and information transactions of many different kinds. For example, it is anticipated that the present invention will find utility in preventing unauthorized access to information stored on various types of information servers and not simply for the use in access of funds. It will thus be appreciated by those skilled in the art that other variations of the present invention will be possible without departing from the scope of the invention as disclosed. 

1. A system for authorizing transactions utilizing biometric data, the system comprising: a database, residing at a first location, containing one or more system user accounts holding at least biometric data and system user information; one or more approval stations residing at locations distinct from the first location, wherein an approval station comprises a means for sampling one or more presented biometric characteristics and comparing data derived from a sampled biometric characteristic with registered biometric data received from a system user account stored at a database; and a transmission means for transmitting one or more of biometric data and system user information between an approval station and a database.
 2. The system of claim 1, wherein the system user account is a consumer account and the system user information stored therein comprises one or more of an identification code, government identification data, an address, a telephone number, financial account data, age data, loyalty account data, and reward account data.
 3. The system of claim 1, wherein the system user account is a merchant account and the system user information stored therein comprises one or more of an identification code, merchant location data, a telephone number, terminal identification data, financial account data, enrollment parameters, and transaction parameters.
 4. The system of claim 1, wherein the system user account is a merchant employee account and the system user information stored therein comprises one or more of an identification code, government identification data, an address, a telephone number, and employee system access parameters.
 5. The system of claim 1, wherein an approval station is located at one of a register, a computer, a wireless device, a kiosk, an automated teller machine, a payphone, or a vending machine.
 6. The system of claim 1, wherein an approval station further comprises a means for receiving an identification code.
 7. The method of claim 1, wherein the system is further enabled to administer one or more types of financial transactions.
 8. A method of using a transaction system to provide approval of a transaction between a merchant and a consumer, wherein the method comprises: receiving, at an approval station, biometric data derived from one or more proffered biometric characteristics and an identification code; transmitting the identification code to a database at a location remote from the approval station; retrieving registered biometric data from a user record associated with the identification code at the database; comparing the biometric data derived from one or more proffered biometric characteristics with the retrieved registered biometric data; if a match is indicated, evaluating transaction data with respect to transaction rules; and if the transaction data complies with one or more transaction rules, indicating the transaction is approved.
 9. The method of claim 8, wherein a biometric characteristic is one of a fingerprint, an iris, a face, a voice, a retina, and a hand architecture.
 10. The method of claim 8, wherein the transaction data comprises an amount to be paid by the consumer to the merchant.
 11. The method of claim 10, wherein the transaction data further comprises an indication of at least one account from which the amount is to be paid.
 12. The method of claim 8, wherein the transaction data comprises a terminal identification number associated with the approval station.
 13. The method of claim 8, wherein the transaction data comprises a transaction reference number associated with the transaction.
 14. The method of claim 8, wherein transaction data complies with a transaction rule if a transaction does not exceed a payment amount.
 15. The method of claim 8, wherein transaction data complies with a transaction rule if a consumer meets or exceeds a minimum credit rating.
 16. The method of claim 8, wherein transaction data complies with a transaction rule if the transaction amount does not exceed a credit limit.
 17. The method of claim 8, wherein transaction data complies with a transaction rule if the transaction amount does not exceed a minimum balance in an account.
 18. The method of claim 8, wherein transaction data complies with a transaction rule if an account meets score criteria.
 19. The method of claim 8, wherein transaction data complies with a transaction rule if transaction data complies with one or more parameters established by a merchant or a consumer.
 20. The method of claim 8, wherein transaction data complies with a transaction rule dependent upon whether the transaction is for one or more specific good or service.
 21. A method of using a transaction system to provide approval of a transaction between a merchant and a consumer, wherein the method comprises: sampling, at the approval station, at a first location, a biometric characteristic of the consumer via a biometric identification device; receiving, at the approval station, an identification code proffered by the consumer; assembling, at the approval station, transaction data, wherein the transaction data includes at least a request for cash back; sending from the approval station to the central database, at a second location remote from the first location, the identification code proffered by the consumer and the transaction data; comparing, at the central database, the proffered identification code to identification codes stored in the central database; determining, at the central database, whether the proffered identification code matches an identification code stored in the central database; selecting, at the central database, potential matching registered biometric data based on the identification code; receiving, at the approval station, the potential matching registered biometric data from the central database; determining, at the approval station, whether a comparison of biometric data based on the sampled biometric characteristic with the potential matching registered biometric data indicates a match; and in the event that a match is indicated and the transaction data complies with transaction rules, including at least one or more cash back parameters, approving, at the approval station, the transaction. 